NSBA Testifies on Cybersecurity

July 26, 2017

On July 26, the House Committee on Small Business held a hearing on Small Business Cybersecurity Insurance. NSBA Leadership Council member Robert Luft, President of SureFire Innovations based in Cincinnati, Ohio was among the witnesses testifying at the hearing. Mr. Luft’s company is a certified Service Disabled Veteran Owned Small Business (SDVOSB) and Minority Business Enterprise (MBE). SureFire Innovations is a network design, security, and installation company that specializes in developing robust network management systems.

Small businesses rely on information technology more than ever, yet the very tools that make small businesses competitive have also put them in the crosshairs of cyber attackers. In fact, the level of risk for being a target of cyber-crime is high, 42 percent of small businesses surveyed by the NSBA reported being a victim of a cyber- attack, with cyber-attacks cost an average $32,021 for companies whose business banking accounts were hacked, and $7,115 on average for small businesses overall. As the federal government and private sector continue to work to strengthen small business cybersecurity, a potential option for reducing the impact of a cyber-attack on a small business is cybersecurity insurance.

The full committee hearing examined how cybersecurity insurance solutions can help small businesses recover from a cyber-attack. Additionally, the hearing examined the challenges small businesses face in selecting a cybersecurity insurance policy and the hurdles insurers must overcome to offer viable and comprehensive cybersecurity insurance solutions.

According to Mr. Luft, one of the most popular responses on why small businesses do not allocate financial resources to threat mitigation is that they feel they do not store any valuable data. This is a misconception on what constitutes valuable data – email, phone numbers, billing addresses may be viewed as not valuable information to the small business, but to a cyber-criminal, these are very valuable and effective data points that can be used for malicious purposes. Although, small-business owners are becoming increasingly tech savvy, limited resources and knowledge still leave many vulnerable to cyber-threats.

Before purchasing SureFire Innovations cyber-liability insurance policy, Mr. Luft was like the vast majority of small-business owners, he felt as though, his company was too small to be targeted, the cost of another insurance policy was not within his operating budget, and did not know the actual value of having a policy. However, in 2016, he made the decision to evaluate his entire network and cybersecurity methods and make an honest assessment of what his company vulnerabilities were and how to effectively mitigate them. Ultimately, he purchased a cybersecurity insurance policy that worked best to meet his company’s needs.

Cyber-attacks are an ongoing threat of the internet age, as more and more small businesses rely on web-based products and services, and it will only persist and evolve as long as the internet continues to facilitate commerce in the global economy. It is unlikely that there will be one solution to stop all the attacks. In fact, slowing and preventing these attacks will most likely require an ongoing process to identify new threats, vulnerabilities and ultimately solutions. NSBA has long urged Congress to always bear in mind the unique challenges that small businesses face and continue to include the small-business community in that process.